package onlinebanking.server.objects;

import java.sql.ResultSet;
import java.sql.SQLException;

import onlinebanking.constants.MSG;
import onlinebanking.network.Message;
import onlinebanking.server.SimpleServer;
import onlinebanking.sql.*;

public class PersonalAccount extends QueryObject {
	/**
	 * Personal Account primary key
	 */
	int personalaccountid;
	/**
	 * Username used for login
	 */
	String username;
	/**
	 * Password
	 */
	String password;
	

	public PersonalAccount(int personalaccountid) {
		super();
		String sqlstatement = "SELECT personalaccountid,username,password FROM personalaccounts WHERE personalaccountid = ? ;";
		//user inherited variables
		this.sqltable.setSQLStatement(sqlstatement);
		this.sqltable.setIntParam(1, personalaccountid);
		this.resultset = this.sqltable.executeSQL();
		_loadinfo();
	}

	public PersonalAccount(String username) {
		super();
		String sqlstatement = "SELECT personalaccountid,username,password FROM personalaccounts WHERE username = ? ;";
		//user inherited variables
		this.sqltable.setSQLStatement(sqlstatement);
		this.sqltable.setStringParam(1, username);
		this.resultset = this.sqltable.executeSQL();
		_loadinfo();
	}
	
	/**
	 * loads local variables from database
	 */
	private void _loadinfo(){
		try {
			//if no results, return
			if(!resultset.first())	return;	
			
			//loads variables from db
			personalaccountid = resultset.getInt("personalaccountid");
			username = resultset.getString("username");
			password = resultset.getString("password");			
			
		} catch (SQLException e) {
			e.printStackTrace();
		}
	}
	/**
	 * Returns personalaccountid
	 * @return personal accountid
	 */
	public int getpersonalaccountid(){
		return this.personalaccountid;
	}


	/*=======================================Static methods here============================== */
	 
	public static String getUsernameByPersonalAccountid(int personalaccountid){
		String sqlstatement = "SELECT username FROM personalaccounts WHERE personalaccountid = ? ;";
		
		SQLTable sqltable = new SQLTable(SQLConnection.getInstance().getConnection());
		sqltable.setSQLStatement(sqlstatement);
		sqltable.setIntParam(1, personalaccountid);
		ResultSet rs = sqltable.executeSQL();
		
		try {
			if(rs.next()){
				return rs.getString(1);
			}else{
				return null;
			}
		} catch (SQLException e) {
			e.printStackTrace();
			return null;
		}
		
	}

	//di ko alam kung para saan to??
	public static PersonalAccount getPersonalAccountByUsername(String username) {
		// connect to db

		String sqlstatement = "SELECT personalaccountid,bankaccountid FROM accountowners WHERE username = ? ;";
		
		SQLTable sqltable = new SQLTable(SQLConnection.getInstance().getConnection());
		sqltable.setSQLStatement(sqlstatement);
		sqltable.setStringParam(1, username);
		ResultSet resultset = sqltable.executeSQL();
		
		PersonalAccount pa = null;
		
		try {
			if(resultset.next()){
				resultset.getInt(1);
			}
		} catch (SQLException e) {
			e.printStackTrace();
		}
		
		return pa;
	}
	
	public static PersonalAccount createNewPersonalAccount(String username, String password){
		String verifyexistenceSQL = "SELECT username FROM personalaccounts WHERE username = ?";
		SQLTable sqltable = new SQLTable(SQLConnection.getInstance().getConnection());	
		
		if( sqltable.executeSQL() != null){
			return null; //username already exists
		}
		
		String insertSQL = "INSERT into personalaccounts (username,password) VALUES (?,?);";
		sqltable.setSQLStatement(insertSQL);
		sqltable.setStringParam(1, username);
		sqltable.setStringParam(2, password); // TODO : encrypt password
		int newpersonallacountid = sqltable.executeUpdate();
		return new PersonalAccount(newpersonallacountid);
	}
	
	public static Message authenticateLogin(String username,String password){
		String sqlstatement = "SELECT username,password FROM personalaccounts WHERE username = ? ;";
		
		SQLTable sqltable = new SQLTable(SQLConnection.getInstance().getConnection());	
		
		//assigns the string to the prepstatement
		sqltable.setSQLStatement(sqlstatement);
		//assigns parameters to the prepSQLStatement
		sqltable.setStringParam(1, username);
		
		ResultSet resultset = sqltable.executeSQL();
		
		//prepare the resulting message
		Message response = new Message();
		
		try {
			//moves the pointer to the first element, returns false if none
			if(!resultset.first()){
				
				//no such user
				response.setMsgType(MSG.LOGIN_FAILED);
				response.addAttribute("reason", "No such user.");
			}else{
				
				String dbpassword  = resultset.getString("password");
				
				if(!dbpassword.equals(password)){ // TODO modify upon reading encrypted password
					
					//incorrect password
					response.setMsgType(MSG.LOGIN_FAILED);
					response.addAttribute("reason", "Incorrect password.");
				}else{
					response.setMsgType(MSG.LOGIN_SUCCESS);
				}
			}
		} catch (SQLException e) {
			e.printStackTrace();
			response.setMsgType(MSG.LOGIN_FAILED);
			response.addAttribute("reason", "SQL Exception.");
		}
		
		return response;		
	}
}

